USN-7484-1: OpenJDK 24 vulnerabilities
Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587)

It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691)

It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698)

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15
Frequently Asked Questions
What is the severity of USN-7484-1?
The severity of USN-7484-1 is classified as serious due to potential information disclosure arising from the vulnerability.
How do I fix USN-7484-1?
To fix USN-7484-1, upgrade the affected OpenJDK packages to version 24.0.1+9~us1-0ubuntu1~25.04 or later.
Which software versions are affected by USN-7484-1?
USN-7484-1 affects OpenJDK versions prior to 24.0.1+9~us1-0ubuntu1~25.04 running on Ubuntu 25.04 and 24.10.
What components are involved in USN-7484-1?
USN-7484-1 involves the JSSE component and the Compiler component of OpenJDK, which handle cryptographic operations incorrectly.
What actions should I take regarding USN-7484-1?
It is recommended to apply the latest security updates for OpenJDK to mitigate the risks associated with USN-7484-1.